Hackers Exploiting Malware In Google Docs

A particularly insidious form of malware known as an infostealer is a program designed to quietly infect a system and run discreetly in the background, secretly stealing sensitive data such as passwords or chat logs and sending it back to the attackers. Once it has infected a system, it gathers sensitive data such as login credentials, credit card details, chat logs, browsing history and more.

Hackers are now abusing legitimate platforms like Google Docs in infostealer campaigns to steal sensitive data from users, according to a new report by AhnLab's Security Intelligence Center (ASEC).

The malware is offered under a "malware-as-a-service" model, which is making it more difficult for security systems to detect threats, and it is increasingly being used to target both individuals and organisations worldwide. These criminal programs are usually delivered through phishing attacks, compromised websites, downloads masquerading as pirated software, or malicious attachments.

One of the best-known infostealers is LummaC2, which has been active since 2022. It targets browsers, stealing critical information like passwords, cookies and autofill data. But a newer infostealer, ACRStealer, has recently been identified by ASEC.

ASEC monitors infostealer malware distributed in the guise of illegal programs such as cracks and keygens, and publishes related trends and changes through the AhnLab TIP and ASEC Blog posts. While the majority of the malware distributed in this manner has been the LummaC2 infostealer, the ACRStealer infostealer has seen an increase in distribution.

Infostealers are increasingly used by cyber criminals, specialising in stealing system data, credentials, crypto-currency wallet details and configuration files from a range of different programs.

What sets ACRStealer apart is its use of trusted platforms to communicate with its command-and-control (C2) servers. Rather than embedding the C2 address directly in the malware, attackers use platforms like Google Docs, Steam, and Telegra.ph as intermediaries.

By Base64-encoding the C2 address and storing it on these trusted sites, attackers can avoid detection and make the malware harder to track. This method, known as Dead Drop Resolver (DDR), allows the malware to operate with minimal risk of being detected by security software. The range of data ACRStealer is capable of stealing is extensive: it includes not only browser data but also text files, FTP credentials, remote access program details and VPN information.
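The Dead Drop Resolver pattern described above leaves one artefact a defender can look for: a Base64 token, sitting in otherwise ordinary content on a legitimate site, that decodes to a URL or IP address. The following Python is an added illustration written for this article, not code from the ASEC report or from the article's sources. It scans a block of text for Base64 candidates, decodes them, and flags those that decode to an endpoint. The sample text, the `c2.example.invalid` host and the `203.0.113.10` address are constructed placeholders (documentation-reserved names and ranges), not indicators from the report.

```python
import base64
import binascii
import re
from ipaddress import ip_address

# Constructed sample text, as it might be retrieved from a public document page:
# one Base64 token decodes to a placeholder URL, one decodes to ordinary text,
# and the rest is plain prose. Nothing here comes from the ASEC report.
SAMPLE_PAGE_TEXT = (
    "Meeting notes for Tuesday. Please review "
    "aHR0cHM6Ly9jMi5leGFtcGxlLmludmFsaWQvZ2F0ZQ== before Friday. "
    "Reference: aGVsbG8gd29ybGQ= and token abcdef1234."
)

# Heuristic: a run of at least 12 Base64 alphabet characters, optional padding.
# Tokens whose length is not a multiple of 4 fail strict decoding below.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{12,}={0,2}")

# Loose URL / hostname shape: optional scheme, dotted host, optional port and path.
URL_LIKE = re.compile(r"^(https?://)?([a-z0-9-]+\.)+[a-z]{2,}(:\d+)?(/\S*)?$", re.I)


def decode_candidate(token: str):
    """Strictly decode a Base64 token to ASCII text; None if it is not valid Base64
    or does not decode to ASCII (binary blobs are not what a DDR carries)."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        return raw.decode("ascii")
    except UnicodeDecodeError:
        return None


def looks_like_endpoint(text: str) -> bool:
    """True if the decoded text is a URL, hostname or IPv4 address (with optional port)."""
    text = text.strip()
    if not text or " " in text:
        return False
    host = text.split("://", 1)[1] if "://" in text else text
    host = host.split("/", 1)[0].split(":", 1)[0]  # drop path and port
    try:
        ip_address(host)  # bare IP literal (IPv4; bracketed IPv6 is out of scope here)
        return True
    except ValueError:
        pass
    return bool(URL_LIKE.match(text))


def find_dead_drop_candidates(text: str):
    """Return every Base64 token in `text` that decodes to an endpoint, with its
    offset, so an analyst can review the surrounding content."""
    findings = []
    for match in B64_TOKEN.finditer(text):
        token = match.group(0)
        decoded = decode_candidate(token)
        if decoded is not None and looks_like_endpoint(decoded):
            findings.append({"offset": match.start(), "token": token, "decoded": decoded})
    return findings


if __name__ == "__main__":
    for hit in find_dead_drop_candidates(SAMPLE_PAGE_TEXT):
        print(f"offset {hit['offset']}: {hit['token']} -> {hit['decoded']}")
```

Run on the constructed sample, the scanner reports the single token that decodes to `https://c2.example.invalid/gate` and ignores the one that decodes to `hello world`. Because the malware's fetch goes to a legitimate domain, this check is most useful on content already captured by a proxy or sandbox, paired with process-level context (which process fetched the page and then connected to the decoded address), rather than on the network traffic alone.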

The malware even targets password managers and chat logs, making it a potent tool for cyber criminals seeking to gather sensitive information.

The use of trusted platforms as part of malware infrastructure only underscores the growing complexity of modern cyber attacks. As cyber criminals continue to evolve their tactics, both individuals and organisations must stay proactive in their cyber security efforts.

Ahnlab     |     I-HIS     |     Tom's Guide     |     Yahoo  |    Cyber News   |     Security Magazine
